package pubkeypin

kubernetes – k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin Index | Files

package pubkeypin

import "k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin"

Package pubkeypin provides primitives for x509 public key pinning in the style of RFC7469.

Index ¶

func Hash(certificate *x509.Certificate) string
type Set

func NewSet() *Set
func (s *Set) Allow(pubKeyHashes ...string) error
func (s *Set) CheckAny(certificates []*x509.Certificate) error
func (s *Set) Empty() bool

Functions ¶

func Hash ¶

func Hash(certificate *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow).

Types ¶

type Set ¶

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of pinned x509 public keys.

func NewSet ¶

func NewSet() *Set

NewSet returns a new, empty PubKeyPinSet

func (*Set) Allow ¶

func (s *Set) Allow(pubKeyHashes ...string) error

Allow adds an allowed public key hash to the Set

func (*Set) CheckAny ¶

func (s *Set) CheckAny(certificates []*x509.Certificate) error

CheckAny checks if at least one certificate matches one of the public keys in the set

func (*Set) Empty ¶

func (s *Set) Empty() bool

Empty returns true if the Set contains no pinned public keys.

Source Files ¶

pubkeypin.go

Version: v1.33.0 (latest)
Published: Apr 23, 2025
Platform: linux/amd64
Imports: 5 packages
Last checked: 5 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples